summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2012-11-14 16:29:14 +0100
committerJakub Hrozek <jhrozek@redhat.com>2012-11-19 22:42:46 +0100
commitba098f8670c680c805531dd2714f32bd2c108860 (patch)
tree98e00ab4d3c4e92dcd0a7c5581dd75ef844b52f0
parent6ef6612dd9e52c879e536a8b06bfeb4408d337b1 (diff)
downloadsssd-ba098f8670c680c805531dd2714f32bd2c108860.tar.gz
sssd-ba098f8670c680c805531dd2714f32bd2c108860.tar.bz2
sssd-ba098f8670c680c805531dd2714f32bd2c108860.zip
Fix compare_principal_realm() check
In case of a short UPN compare_principal_realm() erroneously returns an error.
-rw-r--r--src/providers/krb5/krb5_common.c12
-rw-r--r--src/tests/krb5_utils-tests.c6
2 files changed, 9 insertions, 9 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index ee3d7252..ed2fffae 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -898,22 +898,16 @@ errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
errno_t compare_principal_realm(const char *upn, const char *realm,
bool *different_realm)
{
- size_t upn_len;
- size_t realm_len;
char *at_sign;
- if (upn == NULL || realm == NULL || different_realm == NULL) {
+ if (upn == NULL || realm == NULL || different_realm == NULL ||
+ *upn == '\0' || *realm == '\0') {
return EINVAL;
}
- upn_len = strlen(upn);
- realm_len = strlen(realm);
at_sign = strchr(upn, '@');
- /* if coming from the same realm the upn must be at least the size of the
- * realm plus 1 for the '@' char. */
- if (upn_len == 0 || realm_len == 0 || upn_len <= realm_len + 1 ||
- at_sign == NULL) {
+ if (at_sign == NULL) {
return EINVAL;
}
diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c
index 77dc27ca..bc1890f0 100644
--- a/src/tests/krb5_utils-tests.c
+++ b/src/tests/krb5_utils-tests.c
@@ -711,6 +711,12 @@ START_TEST(test_compare_principal_realm)
fail_unless(ret == EOK, "Failure with different realm");
fail_unless(different_realm == true, "Different realm but " \
"different_realm is not true.");
+
+ ret = compare_principal_realm("user@ABC", "REALMNAMELONGERTHANUPN",
+ &different_realm);
+ fail_unless(ret == EOK, "Failure with long realm name.");
+ fail_unless(different_realm == true, "Realm name longer than UPN but "
+ "different_realm is not true.");
}
END_TEST